The Cyber Security News

Malicious NuGet Packages Caught Distributing SeroXen RAT Malware

October 31, 2023

Cybersecurity researchers have uncovered a new set of malicious packages published to the NuGet package manager using a lesser-known method for malware deployment.

Software supply chain security firm ReversingLabs described the campaign as coordinated and ongoing since August 1, 2023, while linking it to a host of rogue NuGet packages that have been observed delivering a remote access trojan known as SeroXen RAT.

“The threat actors behind it are tenacious in their wish to plant malware into the NuGet repository, and to continually publish new malicious packages,” Karlo Zanki, reverse engineer at ReversingLabs, said in a report shared with The Hacker News.


The names of some of the packages are below:

  • Pathoschild.Stardew.Mod.Make.Config
  • KucoinExchange.Net
  • Kraken.Trade
  • DiscordsRpc
  • SolanaWallet
  • Monero
  • Modern.Winform.UI
  • MinecraftPocket.Server
  • IAmRoot
  • ZendeskApi.Shopper.V2
  • Betalgo.Open.AI
  • Forge.Open.AI
  • Pathoschild.Stardew.Mod.BuildConfig
  • CData.NetSuite.Net.Framework
  • CData.Salesforce.Net.Framework
  • CData.Snowflake.API

These packages, which span several versions, imitate popular packages and exploit NuGet’s MSBuild integrations feature, specifically a feature called inline tasks, to implant malicious code on their victims and achieve code execution.


“This is the first known example of malware published to the NuGet repository exploiting this inline tasks feature to execute malware,” Zanki said.

The now-removed packages exhibit similar characteristics in that the threat actors behind the operation attempted to conceal the malicious code by using spaces and tabs to move it out of view of the default screen width.
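A defender-side check for the two traits described above (inline tasks in a package's MSBuild files, and code pushed out of view with spaces and tabs), added here as an example that is not from ReversingLabs or the original article. The build folder names, the task factory names and the 100-column threshold are assumptions based on standard NuGet and MSBuild conventions, and the sample package is constructed.

```python
import io
import re
import zipfile

# Folders whose .props/.targets files NuGet imports into the consuming project.
BUILD_DIRS = ("build/", "buildtransitive/", "buildmultitargeting/")
# MSBuild task factories that compile code embedded in the project file itself.
INLINE_FACTORY = re.compile(r"TaskFactory\s*=\s*[\"'](?:Roslyn)?CodeTaskFactory[\"']", re.I)


def scan_nupkg(data, min_pad=100):
    """Return (file, line number, reason) findings for a .nupkg given as bytes."""
    hidden = re.compile(r" {%d,}\S" % min_pad)  # content pushed far to the right
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            path = name.lower().replace("\\", "/")
            if not (path.startswith(BUILD_DIRS) and path.endswith((".targets", ".props"))):
                continue
            text = pkg.read(name).decode("utf-8", errors="replace")
            for num, line in enumerate(text.splitlines(), 1):
                if INLINE_FACTORY.search(line):
                    findings.append((name, num, "inline task factory"))
                if hidden.search(line.expandtabs(4)):
                    findings.append((name, num, "content after long whitespace run"))
    return findings


def build_sample(targets_xml):
    """Build a constructed in-memory .nupkg holding a single targets file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("Example.Package.nuspec", "<package/>")
        pkg.writestr("build/Example.Package.targets", targets_xml)
    return buf.getvalue()


# Constructed samples: a plain property file, and an inline task whose body
# (a harmless placeholder comment) sits behind 300 spaces.
BENIGN = "<Project>\n  <PropertyGroup><Foo>bar</Foo></PropertyGroup>\n</Project>\n"
SUSPICIOUS = (
    "<Project>\n"
    '  <UsingTask TaskName="Init" TaskFactory="RoslynCodeTaskFactory"\n'
    '             AssemblyFile="$(RoslynCodeTaskFactory)">\n'
    '    <Task><Code Type="Fragment" Language="cs">' + " " * 300 + "/* placeholder */</Code></Task>\n"
    "  </UsingTask>\n"
    "</Project>\n"
)

if __name__ == "__main__":
    for finding in scan_nupkg(build_sample(SUSPICIOUS)):
        print(finding)
```

Legitimate packages also ship inline tasks, so a hit on the task factory alone is a prompt for manual review of the targets file rather than a verdict.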

As previously disclosed by Phylum, the packages also have artificially inflated download counts to make them appear more legitimate. The ultimate goal of the decoy packages is to act as a conduit for retrieving a second-stage .NET payload hosted on a throwaway GitHub repository.

“The threat actor behind this campaign is being careful and paying attention to details, and is determined to keep this malicious campaign alive and active,” Zanki said.

Some elements of this post are sourced from:
thehackernews.com
